< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index  

Re: [reSIProcate] [reSIProcate-commit] resiprocate 7084 nash: Security.cxx/hxx:


It's branched, want me to revert it?

Nash

On 4/25/07, Jason Fischl <jason@xxxxxxxxxxxxxxx> wrote:
I don't think we should do this. It provides too much opportunity for
a production system to have all of its security disabled. If this is
needed, it should be provided on a branch.

On 4/20/07, Derek MacDonald <derek@xxxxxxxxxxxxxxx> wrote:
> It is easy to create certs/CA's/etc in a test lab where you control
> DNS.  TFM could be tweaked to provide similar capabilities.
>
> Changing the security code to allow insecure communications is a bad
> idea; it opens the door to new security problems and would give anyone
> reviewing the code for security correctness fits.
>
> I think we should revert this.
>
> -Derek
>
> On 4/20/07, Nash Tsai <nash.teltel@xxxxxxxxx> wrote:
> > It allows you the flexibility of not doing server authentication
> > check, probably useful for debugging environment.
> >
> >
> > Nash
> >
> > On 4/19/07, Jason Fischl <jason@xxxxxxxxxxxxxxx> wrote:
> > > On 4/19/07, svn@xxxxxxxxxxxxxxx <svn@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > Projectresiprocate
> > > > New Revision7084
> > > > Committernash (Nash Tsai)
> > > > Date2007-04-19 03:50:33 -0500 (Thu, 19 Apr 2007)
> > > > Log  Security.cxx/hxx:
> > > >   allow to disable server authentication
> > > >
> > > Why is this ever a good idea? In what cases is TLS doable without
> > > doing server authentication? I don't think this is a good interface or
> > > capability to add.
> > >
> > _______________________________________________
> > resiprocate-devel mailing list
> > resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
> > https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
> >
>